"It leaves us all in a place of really unprecedented uncertainty," said Hilary Wandall, associate vice president, compliance and chief privacy officer of Merck, speaking at SC Congress NY 2015 on Tuesday, Oct. 20.
Wandall spoke on a panel, Security, Privacy and Law, that examined repercussions following the overturning on Oct. 6 of the U.S.-EU Safe Harbor Framework, which provided rules U.S. companies were obligated to follow when transfering personal data outside the European Union.
There are still in place binding clauses to regulate how to transfer data, but, she said, "it will be hard now to get content in a number of cases."
While there is turmoil at the moment, Wandall said there must be modifications going forward with the potential for new Safe Harbor laws as a result of negotiations between the U.S. Department of Commerce and the European Union.
As far as what enterprises can do at the moment, she advised that companies need accountable, comprehensive privacy program in place; good governance; good policies and procedures; good training; good protection for information; processes in place to do impact risk assessment on data; and to make sure to have good oversight and monitoring with third-parties with whom they engage.
It's a time to step back, she said, to look at all the things we need to preserve – no matter what – and ask how do we learn from the challenges we face so we can create a better framework.